You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ponymail.apache.org by se...@apache.org on 2016/12/09 15:01:07 UTC
incubator-ponymail git commit: private messages are now included in
downloads if the user has access
Repository: incubator-ponymail
Updated Branches:
refs/heads/master 28214f682 -> e2138b9d2
private messages are now included in downloads if the user has access
This fixes #108
This fixes #169
Project: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/commit/e2138b9d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/tree/e2138b9d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/diff/e2138b9d
Branch: refs/heads/master
Commit: e2138b9d2a1c2a7cca761653cc0503539d0f6f10
Parents: 28214f6
Author: Sebb <se...@apache.org>
Authored: Fri Dec 9 14:59:34 2016 +0000
Committer: Sebb <se...@apache.org>
Committed: Fri Dec 9 15:00:15 2016 +0000
----------------------------------------------------------------------
CHANGELOG.md | 2 +-
site/api/lib/utils.lua | 41 +++++++++++++++++++++++++++++++++++++++++
site/api/mbox.lua | 20 ++++++++++++++++++--
3 files changed, 60 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/e2138b9d/CHANGELOG.md
----------------------------------------------------------------------
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a0b763f..1dd722d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,5 @@
## CHANGES in 0.10:
-
+- private messages are now included in downloads if the user has access to them (#169, #108)
## CHANGES in 0.9b:
http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/e2138b9d/site/api/lib/utils.lua
----------------------------------------------------------------------
diff --git a/site/api/lib/utils.lua b/site/api/lib/utils.lua
index 693bff8..4db196e 100644
--- a/site/api/lib/utils.lua
+++ b/site/api/lib/utils.lua
@@ -48,3 +48,44 @@ function findParent(r, doc, elastic)
end
+--[[
+ parse a listid
+ returns the full lid, listname and the domain from "<listname.domain>"
+ where listname cannot contain any "." chars
+]]--
+function parseLid(lid)
+ return lid:match("^<(([^.]+)%.(.-))>$")
+end
+
+
+-- does the user have the rights to access the mailing list?
+-- N.B. will fail if rights or list_raw are invalid
+function canAccessList(rights, lid)
+ -- we don't need the name
+ local flid, _ , domain = parseLid(lid)
+ for _, v in pairs(rights) do
+ if v == "*" or v == flid or v == domain then
+ return true
+ end
+ end
+ return false
+end
+
+-- does the user have the rights to access the document?
+-- N.B. will fail if doc is invalid; may fail if rights is invalid
+function canAccessDoc(rights, doc)
+ if doc.private then
+ return canAccessList(rights, doc.list_raw)
+ else
+ return true
+ end
+end
+
+--[[
+ TODO the canAccess functions perhaps belong in aaa.lua.
+ This would allow sites to have their own ways of matching lists to rights and individual docs
+ This should be dealt with if/when aaa.lua is split up into generic and local parts.
+
+ Also the functions do not check their parameters.
+ This is because they may be called frequently.
+]]--
http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/e2138b9d/site/api/mbox.lua
----------------------------------------------------------------------
diff --git a/site/api/mbox.lua b/site/api/mbox.lua
index 331a8c2..a737d90 100644
--- a/site/api/mbox.lua
+++ b/site/api/mbox.lua
@@ -19,6 +19,9 @@
local elastic = require 'lib/elastic'
local cross = require 'lib/cross'
+local user = require 'lib/user'
+local aaa = require 'lib/aaa'
+require 'lib/utils'
local days = {
31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31, 30, 31
@@ -93,11 +96,24 @@ function handle(r)
},
size = 10000
}
-
+
+ local account = user.get(r)
+ local rights = nil
+ local listAccessible = nil -- not yet initialised
-- for each email, get the actual source of it to plop into the mbox file
for k, v in pairs(docs.hits.hits) do
v = v._source
- if not v.private then
+ -- aaa.rights() can be expensive, so only do it once per download
+ if v.private and listAccessible == nil then
+ -- we are dealing with a single list here so only need to check once
+ if account then
+ local rights = aaa.rights(r, account)
+ listAccessible = canAccessList(rights, lid)
+ else
+ listAccessible = false
+ end
+ end
+ if listAccessible or not v.private then
local doc = elastic.get('mbox_source', v.mid)
if doc and doc.source then
r:puts("From \n")